def GenerateSample(self, number=0): result = artifact_registry.Artifact(name="artifact%s" % number, doc="Doco", provides="environ_windir", supported_os="Windows", urls="http://blah") return result
def testValidateSyntaxMissingDoc(self): artifact = ar.Artifact(name="Baz", provides=["os"], supported_os=["Linux"]) with self.assertRaisesRegexp(ar.ArtifactSyntaxError, "missing doc"): artifact.ValidateSyntax()
def testValidateSyntaxSimple(self): artifact = ar.Artifact(name="Foo", doc="This is Foo.", provides=["hostname", "domain"], supported_os=["Windows"], urls=["https://example.com"]) artifact.ValidateSyntax()
def testValidateSyntaxWithSources(self): registry_key_source = { "type": ar.ArtifactSource.SourceType.REGISTRY_KEY, "attributes": { "keys": [ r"%%current_control_set%%\Control\Session " r"Manager\Environment\Path" ], } } file_source = { "type": ar.ArtifactSource.SourceType.FILE, "attributes": { "paths": [r"%%environ_systemdrive%%\Temp"] } } artifact = ar.Artifact(name="Bar", doc="This is Bar.", provides=["environ_windir"], supported_os=["Windows"], urls=["https://example.com"], sources=[registry_key_source, file_source]) artifact.ValidateSyntax()
def testValidateSyntaxBrokenProvides(self): artifact = ar.Artifact(name="Thud", doc="This is Thud.", provides=["hostname", "garbage"], labels=["Network"]) with self.assertRaisesRegexp(ar.ArtifactSyntaxError, "'garbage'"): artifact.ValidateSyntax()
def testValidateSyntaxInvalidLabel(self): artifact = ar.Artifact(name="Norf", doc="This is Norf.", provides=["domain"], labels=["Mail", "Browser", "Reddit"], supported_os=["Darwin"]) with self.assertRaisesRegexp(ar.ArtifactSyntaxError, "'Reddit'"): artifact.ValidateSyntax()
def testValidateSyntaxInvalidSupportedOs(self): artifact = ar.Artifact(name="Quux", doc="This is Quux.", provides=["os"], labels=["Cloud", "Logs"], supported_os=["Solaris"]) with self.assertRaisesRegexp(ar.ArtifactSyntaxError, "'Solaris'"): artifact.ValidateSyntax()
def testGetArtifactPathDependencies(self): sources = [{ "type": artifact_registry.ArtifactSource.SourceType.REGISTRY_KEY, "attributes": { "keys": [ r"%%current_control_set%%\Control\Session " r"Manager\Environment\Path" ] } }, { "type": artifact_registry.ArtifactSource.SourceType.WMI, "attributes": { "query": "SELECT * FROM Win32_UserProfile " "WHERE SID='%%users.sid%%'" } }, { "type": artifact_registry.ArtifactSource.SourceType.GREP, "attributes": { "content_regex_list": ["^%%users.username%%:"] } }] artifact = artifact_registry.Artifact(name="artifact", doc="Doco", provides=["environ_windir"], supported_os=["Windows"], urls=["http://blah"], sources=sources) self.assertItemsEqual( [x["type"] for x in artifact.ToPrimitiveDict()["sources"]], ["REGISTRY_KEY", "WMI", "GREP"]) class Parser1(object): knowledgebase_dependencies = ["appdata", "sid"] class Parser2(object): knowledgebase_dependencies = ["sid", "desktop"] @classmethod def MockGetClassesByArtifact(unused_cls, _): return [Parser1, Parser2] with utils.Stubber(parsers.Parser, "GetClassesByArtifact", MockGetClassesByArtifact): self.assertItemsEqual(artifact.GetArtifactPathDependencies(), [ "appdata", "sid", "desktop", "current_control_set", "users.sid", "users.username" ])
def testValidateSyntaxBadSource(self): source = { "type": ar.ArtifactSource.SourceType.ARTIFACT_GROUP, "attributes": {} } artifact = ar.Artifact(name="Barf", doc="This is Barf.", provides=["os"], labels=["Logs", "Memory"], sources=[source]) with self.assertRaisesRegexp(ar.ArtifactSyntaxError, "required attributes"): artifact.ValidateSyntax()
def testValidateSyntaxBadPathDependency(self): sources = [{ "type": artifact_registry.ArtifactSource.SourceType.FILE, "attributes": { "paths": [r"%%systemdrive%%\Temp"] } }] artifact = artifact_registry.Artifact(name="bad", doc="Doco", provides=["environ_windir"], supported_os=["Windows"], urls=["http://blah"], sources=sources) with self.assertRaises(artifact_registry.ArtifactDefinitionError): artifact.ValidateSyntax()
def testValidateSyntax(self): sources = [{ "type": artifact_registry.ArtifactSource.SourceType.REGISTRY_KEY, "attributes": { "keys": [ r"%%current_control_set%%\Control\Session " r"Manager\Environment\Path" ] } }, { "type": artifact_registry.ArtifactSource.SourceType.FILE, "attributes": { "paths": [r"%%environ_systemdrive%%\Temp"] } }] artifact = artifact_registry.Artifact(name="good", doc="Doco", provides=["environ_windir"], supported_os=["Windows"], urls=["http://blah"], sources=sources) artifact.ValidateSyntax()